Key Takeaways:
- Iran’s top crypto exchange, Nobitex, lost $48.65 million in a cyberattack led by an Israeli-linked hacker group, Gonjeshke Darande.
- Hackers threatened to leak Nobitex’s internal data and warned users to withdraw funds or risk total loss.
- The incident follows a series of high-impact cyberattacks targeting Iranian institutions in the ongoing Iran-Israel conflict.
Iran’s top crypto exchange, Nobitex, has suffered a massive breach with more than $48 million in digital assets reportedly siphoned off by hacker group Gonjeshke Darande.
The group, which is known as “Predatory Sparrow,” announced the attack publicly on X on June 18, accusing Nobitex of enabling terror financing and bypassing international sanctions.
Stolen money, which was largely in Tron’s TRX tokens, was flagged by on-chain analyst ZachXBT. He noted suspicious Nobitex wallet outflows totaling $48.65 million.
The funds were related to a vanity wallet address publicly taunting Nobitex as well as Iran’s government. The breach was confirmed by the crypto exchange on a social media platform, but it didn’t disclose the stolen funds.
According to cybersecurity expert Rob Joyce, the scale of this breach, in addition to a pattern of activity by the group, indicates sophisticated planning and probable state support. Joyce, a former NSA cybersecurity director, said attacks on strategic financial infrastructure could create additional instability in the region.
Political Targets in Digital Crosshairs
The attack on Nobitex was not an isolated attack. The previous day, Gonjeshke Darande claimed to have breached Iran’s state-owned Bank Sepah. The bank’s website remained off until June 17, and users reportedly encountered access denial.
Cybersecurity experts believe that efforts made by the group are a well-planned assault on Iranian economic infrastructure aimed at crippling it.
The group, which has allegedly been linked to several previous cyber attacks on Iranian steel facilities and gas stations, has a history of both cyber and physical attacks. A hack in 2022 on an Iranian steel mill resulted in a gigantic fire.
In 2021, their cyber attack knocked out over half of Iran’s gas stations. The attacks unmistakably go beyond mere hacktivism, as they would involve strategic support, probably by Israeli intelligence, stated cybersecurity firm Recorded Future.
Nobitex Crypto Users at Risk as Group Threatens Data Leak
The ramifications for Nobitex could get worse. Gonjeshke Darande has made a 24-hour threat, promising to leak the exchange’s internal source code as well as its users’ data. This would result in additional theft, massive withdrawals, as well as permanent destruction of the reputation of the exchange.
Security professional Michael Bazzell believes that those who have not withdrawn funds from the site are in actual danger. The advisory is also putting Iranian officials regulating as well as law enforcement agencies in a tight spot, who now have burgeoning scrutiny for poor digital infrastructure and growing vulnerability of strategic resources.
Related Reading | Senate Crypto Bill Advances, But Trump’s Stablecoin Faces No Limits